About

Customers who hand over credit cards to bartenders and wait staff deserve better protection than they got from a large restaurant chain, say state attorneys who recently won a six-figure settlement for a restaurant group's data-security failures.

The Briar Group, in Boston, agreed to pay Massachusetts $110,000 in civil penalties under the terms of a settlement announced on March 28, stemming from an eight-month long data breach in 2009 in its restaurants' computer systems that allowed hackers to access customers' credit and debit information.For a time, according to the office of Attorney General Martha Coakley, Briar Group officials knew of the breach but staff continued to accept credit and debit cards from customers.

In addition to the fines, Coakley's office wants a change of operations at the Briar Group businesses. Restaurants and bars that fall under the company's umbrella: The Lenox, M.J. O'Connor's, Ned Devine's, The Green Briar, and The Harp.

"In addition to the payment, this agreement also works to ensure that steps have been taken to protect consumer information moving forward," said Coakley in a statement.

That means that the Briar Group must implement an enhanced computer network security system, and, under the terms of the settlement, the company must comply with both Massachusetts' data security regulations and the nationally set Payment Card Industry Data Security Standards.

Leading up to, and during, the breach, according to the AG, the Briar Group's point-of-sale computer systems were operated under default user-names and passwords, and its remote-access and wireless elements were not properly secured.

"When consumers use their credit and debit cards at Massachusetts establishments, they have an expectation that their personal information will be properly protected," AG Coakley said in the statement. "In this instance, the Briar Group did not take proper protections."

How do you protect your credit and debit info in restaurants and bars? You might not be able to confirm an establishment's data-security measures are up to par, but you can do two things to hedge your bets:

Use credit before debit: Many credit cards offer maximum amounts for which consumers can be held liable in cases of fraud. Debit card users could be left holding the whole bill, when it comes to fraudulent charges incurred via stolen information.

Regularly check your statements: Especially if you often hand over your cards at the bartop or tableside. Catching suspicious charges within the first 60 days often increases your chances of getting the issuing company to limit your credit-card liability.